The email message below with the subject: "Cards OnLine E-Statement E-Mail Notification," has a link to a malicious file that will infect your Windows computer if you open it. The message was designed to trick the recipients into clicking on the link within it, by claiming that they can view their E-Statement. But, the link will only download a malicious file onto their computers or devices.
The Fake and Virus Email Message
From: CardsOnLine [CardsOnLine @natwesti.com]
Date: 26 January 2015 at 13:06
Subject: Cards OnLine E-Statement E-Mail Notification
Your July 30, 2014 E-Statement for account number xxxxxxxxxxxx6956 from Cards OnLine is now available.
For more information please check link:
Many internet users have recently been targeted through bogus E-Mails by fraudsters claiming to be from their bank. These E-Mails ask customers to provide their internet banking security details in order to reactivate their account or verify an E-Mail address.
Please be on your guard against E-Mails that request any of your security details. If you receive an e-mail like this you must not respond.
Please remember that, for security reasons, apart from when you create them at registration or when you change your Internet Pin or Password, we will only ever ask you to enter random characters from your Internet PIN and Password when you logon to this service.
You must keep your security details secret. We would never ask you, by E-Mail, to enter (or record) these details in full and you must not respond to E-Mails asking for this information.
National Westminster Bank Plc, Registered in England No 929027. Registered
Office: 135 Bishopsgate, London EC2M 3UR. Authorised and regulated by the Financial Services Authority.
This E-Mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer.internet E-Mails are not necessarily secure. National Westminster Bank Plc does not accept responsibility for changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by National Westminster Bank Plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate.
The link in the email message will go to the following website address or location and download the file "security_notice55838.zip", which contrains the malicious file security_notice18074.exe:
- http://afreshperspective.com/NATWEST_BANK-MESSAGES-STORAGE /new.secured_document.html
The cybercriminals behind these malicious email messages aims are to trick the curious recipients into clicking on the link and opening the malicious file, which will infect their computers with a virus or Trojan horse.
Once their computers have become infected with the malicious Trojan horse, the cybercriminals behind the email message will be able to access and take control of their computers remotely from anywhere around the world. They may spy on them, use their computers to commit cybercrimes, or steal their personal and financial information.
Now, if you have already opened clicked on the link, downloaded and open the malicious file, please do a full scan of your computer with the antivirus software installed on it. The name of the attachment may change, so be careful when opening email attachments.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
Never open an attachment that has a name ending with ".exe", because these are computer programs that can infect your computer with a virus or some other malware.
Click here for a list of email attachments you should never open, regardless of where they came from.
For a list of other virus email messages, please click here.